import re

# Guard against SQL injection in string values
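def sqlEscape(*args):
    """Double every single quote in each argument for use in a SQL string literal.

    Each argument is converted with ``str()`` and every ``'`` in it is
    replaced by ``''``.

    Args:
        *args: Values to escape; non-string values are stringified first.

    Returns:
        The escaped string when exactly one argument is given, otherwise a
        tuple of escaped strings in argument order (an empty tuple when called
        with no arguments).

    Note:
        Only the single-quote character is handled. The result is meant to be
        placed between single quotes; it gives no protection when it is
        interpolated unquoted (as a number or an identifier), and backslashes
        are left untouched, so it is not sufficient on backends that treat a
        backslash as an escape character inside string literals. Prefer the
        database driver's parameterized queries wherever they are available.
    """
    escaped = tuple(str(value).replace("'", "''") for value in args)
    # Choose on the argument count rather than on truthiness, so that a single
    # value escaping to "" comes back as "" and not as the tuple ("",).
    return escaped[0] if len(escaped) == 1 else escaped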

# Guard against SQL injection in field names
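def sqlEscapeField(*args):
    """Reduce each argument to a bare identifier made of ``[a-zA-Z0-9_]``.

    Each argument is converted with ``str()`` and replaced by the first run of
    1 to 64 ASCII letters, digits or underscores found in it; everything
    before and after that run is discarded. An argument that contains no such
    character becomes ``""``.

    Args:
        *args: Candidate field names.

    Returns:
        The sanitized name when exactly one argument is given, otherwise a
        tuple of sanitized names in argument order (an empty tuple when called
        with no arguments).

    Note:
        Input is trimmed, not rejected: ``"12 23"`` yields ``"12"``, so the
        result can name a different field than the caller supplied. The
        result is not checked against any schema, may start with a digit, and
        may be ``""``; callers should treat ``""`` as invalid and compare the
        result with the set of field names they actually expect.
    """
    cleaned = []
    for value in args:
        found = re.search(r'[a-zA-Z0-9_]{1,64}', str(value))
        cleaned.append(found.group() if found else "")
    cleaned = tuple(cleaned)
    # Choose on the argument count rather than on truthiness: a single
    # argument with no valid character must come back as "", not as the tuple
    # ("",), whose text form would carry quotes and parentheses into the SQL.
    return cleaned[0] if len(cleaned) == 1 else cleaned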


if __name__ == "__main__":
    # Manual smoke run for sqlEscapeField: both samples contain a space, so
    # only the leading [a-zA-Z0-9_] run of each one is kept.
    # sqlEscape can be exercised the same way, e.g. sqlEscape("select 'abc").
    samples = ("12 23", "4AB56d 234")
    print(sqlEscapeField(*samples))